Archive: October 2003 ml@sikurezza.org
Subject: mIRC DCC Exploit
From: GIORDI
Date: 16 Oct 2003 09:34:48 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

updated Mon Oct 13 16:47:18 EDT 2003

Main Information and Fix
Version 6.12 was released Oct 13 to fix this problem. Download it if
you feel brave. :-)

Starting Oct 12, 2003, an exploit was used to crash many people's
mIRC clients. All versions from 6.0 thru 6.11 were affected, 6.12 was
released Oct 13 to fix the problem. The exploit involves a DCC
command which can be sent to any person or channel, no matter what
your DCC options are. (DCC is used to trade files or for DCC chat.)
You can either download the new version (and hope it has no new
bugs), or if you can afford to wait a few days, maybe stick to the
old temporary fix of ignoring all DCC sends entirely. Just type the
following command, on a new line by itself in any chat window,
beginning with the slash character:

/ignore -wd *

(We don't advise downgrading to 5.x, since those have known exploits
and multi-server doesn't work.)

Check EFnet #mIRC topic (use /raw list #mIRC if you cannot join) for
updates too. The information was contributed by EFnet helpers from
many sources, working together in harmony without ego or drama, who
knew. It is not an official message from the author of mIRC.

The following is for geeks, most people can stop reading. :-)


Other Information
Is this the /userhost bug? No, that was fixed in 6.11. It's also not
the DCC resume bug or any other old bug. This is something totally
different, affecting every version of 6.* including the current 6.11
- yes, we tested every single one.

How can I trust you? What does that /ignore command do? To learn what
it does, type: /help /ignore (again on a new line by itself). It's
just a command to ignore DCCs, you can turn it off any time by

/ignore -rwd *

The command is also in the topic of #mIRC on any large network such
as EFnet, IRCnet, DALnet, etc.

But how do I download files now? If you really want, you can exempt
certain trusted people from the ignore: first do /ignore -wd * then
/ignore -x nickname where nickname is the trusted exemption.

How does the exploit work? It's hardly a secret now, but for obvious
reasons we're not going to publicize it any further.

Can the attack do more than crash me? Can they make me issue
arbitrary commands? The attack can be used to crash you to take your
nick, or crash all ops in a channel for a takeover. Beyond that who
knows. Assume the worst to be safe.

http://www.irchelp.org/irchelp/mirc/exploit.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP4xoTXGDY/WniKmLEQJovwCgowaoYijrPC5gj0cCc10S2a3HvaUAnjhl
7EVGgqtr0ThW0keypdbkMsOT
=8mMl
-----END PGP SIGNATURE-----



________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
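
The same temporary mitigation can be applied in front of the client, for instance in a bouncer or IRC proxy that sits between the server and an unpatched mIRC. The following is an added example, not part of the original message and not mIRC code: it approximates "/ignore -wd *" plus "/ignore -x nickname" by dropping every CTCP DCC request unless the sender is on an exempt list. The names allow, filter_lines and SAMPLE, and the sample traffic, are constructed for illustration.

```python
import re

# Server-to-client message: ":nick!user@host PRIVMSG target :text"
_MSG = re.compile(r"^:([^!@ ]+)\S* (PRIVMSG|NOTICE) (\S+) :(.*)$", re.I)
# A DCC request is CTCP text of the form "\x01DCC <type> ...\x01". Match it
# anywhere in the text and without requiring the closing \x01, so an
# embedded or unterminated request is dropped as well.
_DCC = re.compile(r"\x01DCC(?=[ \x01]|$)", re.I)
# RFC 1459 case mapping: {}|^ are the lowercase forms of []\~
_FOLD = str.maketrans("[]\\~", "{}|^")


def irc_lower(nick):
    """Fold a nickname the way an RFC 1459 server compares nicks."""
    return nick.lower().translate(_FOLD)


def allow(line, exempt=()):
    """Return True if the line may be forwarded to the client."""
    m = _MSG.match(line.rstrip("\r\n"))
    if not m:
        return True                      # not a PRIVMSG/NOTICE
    nick, text = m.group(1), m.group(4)
    if not _DCC.search(text):
        return True                      # ordinary chat or other CTCP
    # DCC of any type, to a nick or a channel: only exempt senders pass.
    return irc_lower(nick) in {irc_lower(n) for n in exempt}


def filter_lines(lines, exempt=()):
    """Return only the lines that would reach the client."""
    return [l for l in lines if allow(l, exempt)]


# Constructed sample traffic (documentation address 192.0.2.1 = 3221225985).
SAMPLE = [
    ":alice!a@host.example PRIVMSG bob :hello",
    ":mallory!m@host.example PRIVMSG bob :\x01DCC SEND f.txt 3221225985 1024 10\x01",
    ":mallory!m@host.example PRIVMSG #chan :\x01dcc send x 3221225985 1024",
    ":Trusted[1]!t@host.example PRIVMSG bob :\x01DCC CHAT chat 3221225985 1024\x01",
    ":alice!a@host.example PRIVMSG bob :\x01VERSION\x01",
    "PING :irc.example.net",
]

if __name__ == "__main__":
    for line in filter_lines(SAMPLE, exempt=["trusted{1}"]):
        print(repr(line))
```

The filter does not try to recognise the malformed request itself; like the /ignore workaround, it removes the whole DCC path until the client is upgraded to 6.12.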



